Weekly News Roundup January 24-28, 2022


Posted by Kacy Zurkus

When my 10-year-old daughter learned that fraudsters try to scam people, especially older folks like her grandparents, she became incensed. Now, every time the phone rings, she asks if it’s a scammer because she wants to pick up and give them a taste of their own medicine. It’s fun to play with those who think they are playing you for a fool. That’s why I took great joy in reading about a 73-year-old grandma who successfully swindled the swindler.

In large part, though, the average person is not so savvy at recognizing fraud. According to the most recent Consumer Protection Data Spotlight published by the Federal Trade Commission, “More than one in four people who reported losing money to fraud in 2021 said it started on social media with an ad, a post, or a message. In fact, the data suggest that social media was far more profitable to scammers in 2021 than any other method of reaching people.”

But as we roll from the holiday season into Valentine’s Day and tax season, we are again reminded of the persistence of fraud, phishing scams, and spoofing scams. To learn more about anti-fraud measures, explore the educational content available in our Library or visit https://www.rsaconference.com/marketplace, where you’ll find an entire ecosystem of cybersecurity vendors and service providers who can assist with your specific needs.

Now let’s take a look at what else made cybersecurity headlines this week.

Jan. 28: “Two Taiwanese companies were affected by separate ransomware incidents this week, forcing one to scramble to restore crippled systems and another to push out an emergency update to mitigate attacks on its customers,” Threatpost reported.

Jan. 28: As tensions continue to mount between Russia and Ukraine, the UK’s National Cyber Security Centre advised that organizations take action to bolster their cyber defenses.

Jan. 27: SolarWinds issued a fix for a critical bug in its Web Help Desk software.

Jan. 27: The Environmental Protection Agency (EPA), together with the Cybersecurity and Infrastructure Security Agency (CISA), will roll out a cybersecurity improvement plan for the water and wastewater sector.

Jan. 27: “Cybercriminals claim to have breached systems belonging to France’s Ministry of Justice, and they are threatening to make public the files stolen from the government organization,” SecurityWeek reported.

Jan. 26: Dark Reading reported, “The authors of a dangerous malware sample targeting millions of routers and Internet of Things (IoT) devices have uploaded its source code to GitHub, meaning other criminals can now quickly spin up new variants of the tool or use it as is, in their own attack campaigns.”

Jan. 26: Reuters reported, “North Korea’s internet appears to have been hit by a second wave of outages in as many weeks, possibly caused by a distributed denial-of-service (DDoS) attack.”

Jan. 26: Bleeping Computer reported, “The BfV German domestic intelligence services (short for Bundesamt für Verfassungsschutz) warn of ongoing attacks coordinated by the APT27 Chinese-backed hacking group.”

Jan. 25: NIST has published the final version of Assessing Security and Privacy Controls in Information Systems and Organizations.

Jan. 25: Florida’s state-wide CIO announced to a House subcommittee that Florida Digital Service has entered into an interagency cybersecurity contract.

Jan. 25: According to CSO Online, “Gary Gensler, chair of the Securities and Exchange Commission (SEC), has laid out an ambitious cybersecurity plan for his agency that could give it a far more expansive regulatory footprint than it currently has.”

Jan. 24: Infosecurity Magazine reported, “The United States Small Business Administration (SBA) has launched a program to help the country’s emerging small businesses to improve their cybersecurity infrastructure.”

Jan. 24: TechCrunch contributor Jonathan Trull penned a piece offering guidance on how to best respond to zero-day exploits.

Jan. 24: The threat of a Russian invasion of Ukraine continues to loom large, and DHS warned that if the United States takes action, Russia could respond with a cyberattack.


Contributors
Kacy Zurkus

Content Strategist, RSA Conference


Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

